L3 Security Engineer (HashiCorp Vault / IPA), Security Engineering Section (RMI Security Eng. & Ops Dep)

Job Description:

About Organization

We are seeking a highly skilled and experienced L3 Engineer specializing in HashiCorp Vault and Identity, Policy, and Access (IPA) management. The successful candidate will be responsible for the design, implementation, maintenance, and troubleshooting of our critical security infrastructure, ensuring the secure management of secrets, identities, and access across our enterprise. This role requires deep technical expertise, a proactive approach to security, and the ability to operate independently in complex environments.

Job Duties

• System Design & Architecture: Lead the design and architectural planning for Vault and IPA solutions, ensuring scalability, high availability, and security best practices. Develop and maintain architectural documentation, standards, and guidelines for secrets management and identity access.

• Implementation & Deployment: Deploy, configure, and manage HashiCorp Vault clusters (both open-source and Enterprise). Implement and manage various Vault secret engines (e.g., KV, database, Transit, Kubernetes, SSH). Integrate Vault with various applications, services, and infrastructure components. Design and implement authentication methods within Vault (e.g., LDAP, OIDC, AWS EC2, Kubernetes). Configure and manage Identity, Policy, and Access (IPA) systems (e.g., FreeIPA, Active Directory integration, Okta, Ping Federate) to ensure robust identity management and access controls. Automate Vault and IPA deployments and configurations using Infrastructure as Code (IaC) tools (e.g., Terraform, Ansible).

• Operations & Support (L3): Provide expert-level (L3) support for all Vault and IPA-related incidents, problems, and requests. Perform root cause analysis for complex issues and implement permanent solutions. Monitor system health, performance, and security of Vault and IPA infrastructure. Conduct regular security audits, vulnerability assessments, and penetration testing on secrets management and identity systems. Develop and maintain runbooks, operational procedures, and documentation for Vault and IPA. Participate in an on-call rotation as required for critical systems.

• Security & Compliance: Ensure Vault and IPA configurations adhere to internal security policies, industry best practices, and regulatory compliance requirements (e.g., SOC2, ISO27001, PCI DSS). Implement and enforce least privilege access principles. Manage and rotate encryption keys and certificates securely.

• Collaboration & Mentorship: Collaborate with development, operations, and security teams to integrate Vault and IPA into CI/CD pipelines and application ecosystems. Provide technical guidance and mentorship to junior engineers and cross-functional teams. Stay current with emerging technologies, threats, and best practices in secrets management, identity, and access control.

Minimum Qualification

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.

• 5+ years of experience in a hands-on engineering role, with a strong focus on security and infrastructure.

• 3+ years of dedicated experience with HashiCorp Vault, including advanced configuration, operation, and troubleshooting.

• Expert-level knowledge of HashiCorp Vault architecture, secret engines, authentication methods, policies, and replication.

• Strong experience with Identity, Policy, and Access (IPA) management systems (e.g., FreeIPA, Active Directory, Okta, Ping Federate, LDAP).

• Proficiency in at least one scripting language (e.g., Python, Go, Bash) for automation and integration.

• Solid understanding of cloud platforms and their native identity and access management (IAM) services.

• Experience with containerization technologies (Docker, Kubernetes) and securing applications within these environments.

• Strong understanding of network protocols, firewalls, load balancing (F5), and secure communication (TLS/SSL).

• Familiarity with security best practices, compliance frameworks, and auditing principles.

• Excellent problem-solving, analytical, and communication skills.

• Ability to work independently and as part of a collaborative team.

Languages:

English (Overall - 3 - Advanced)